Linux - Linux permissions



Preface

Linux learning begins!
Today we continue to learn about commands!
Study seriously and get to the place you have always longed for!
Note: The operations in this article are all run on a virtual machine


1. Shell commands and operating principles

Strictly speaking, "Linux" is the operating system kernel, and ordinary users do not talk to the kernel directly.
Instead they go through a program that wraps the kernel, the so-called shell. How should we understand this? Why can't we use the kernel directly?

From a technical point of view, the simplest definition of a shell is a command interpreter. Its job is to:
. translate the user's commands into requests the kernel can process;
. translate the kernel's results back into something the user can read.

Compare this with the Windows GUI: when we use Windows we never operate on the Windows kernel directly, but click through a graphical interface (to open the D: drive we double-click its icon; to start a program we double-click the program).
The shell plays the same role on Linux: it parses our commands, passes them to the Linux kernel, and passes the kernel's results back to us.

An analogy: a programmer who works from home all year round, on reaching marriageable age, needs a skilled matchmaker (the shell) to arrange a match before he can talk marriage with the girl from the other family (the operating system kernel).

2. The concept of Linux permissions

There are two kinds of users on Linux: the super user (root) and ordinary users.
. Super user: can do anything on the system, without restriction.
. Ordinary user: can only do a limited set of things.
. The command prompt of the super user is "#"; the command prompt of an ordinary user is "$".
Command: su [username]
Function: switch users.

For example, to switch from root to the ordinary user user, run su user; root needs no password for this. To switch from the ordinary user user
back to root, run su root (root may be omitted, so plain su is enough); the system then prompts for root's password. su - username additionally loads the target user's login environment, and exit returns to the previous user.

Linux permission management

Classification of file visitors (people)

. The owner of the file or directory: u (User)
. Users in the group that the file or directory belongs to: g (Group)
. Everyone else: o (Others)

File types and access rights (thing properties)

File type (the first character of an ls -l line)
d: Directory
-: Regular file
l: Symbolic (soft) link, similar to a Windows shortcut
b: Block device file (hard disks, optical drives, etc.)
p: Named pipe (FIFO)
c: Character device file (terminals, serial ports and other byte-stream devices)
s: Socket file

Basic permissions
i. Read (r/4): for a file, permission to read its contents; for a directory, permission to list its entries.
ii. Write (w/2): for a file, permission to modify its contents; for a directory, permission to create, delete and rename entries inside it.
iii. Execute (x/1): for a file, permission to execute it; for a directory, permission to enter it (cd) and reach its entries.
iv. "-" means the permission is absent.

How to express file permission values

Character representation method
The nine characters after the file type are three rwx groups, for owner, group and others in that order; an absent permission is shown as "-", for example rw-r--r--.

Octal value representation method
Each group is summed as r=4, w=2, x=1, giving one octal digit per group: rw-r--r-- is 644, rwxr-x--- is 750, rwxrwxrwx is 777.

How to set file access permissions

chmod
Function: set file access permissions
Format: chmod [options] permissions filename

Common options:
-R -> recursively modify the permissions of a directory and everything below it
Note: only the file's owner and root can change a file's permissions

Format of chmod permission values

User symbol +/-= permission characters
+: add the listed permissions to the selected range
-: remove the listed permissions from the selected range
=: set the selected range to exactly the listed permissions (anything not listed is cleared)
User symbols:
u: owner
g: the file's group
o: other users
a: all users (u, g and o together)

Example:

# chmod u+w /home/abc.txt      (the owner gains write)
# chmod o-x /home/abc.txt      (others lose execute)
# chmod a=x /home/abc.txt      (everyone gets exactly x and nothing else)

Three-digit octal number
Example:

# chmod 664 /home/abc.txt      (rw-rw-r--)
# chmod 640 /home/abc.txt      (rw-r-----)

chown
Function: change the owner of a file (on Linux only root may do this; an ordinary user cannot give a file away)
Format: chown [options] username filename
Common options: -R recursively change the owner of a directory and everything below it
Example:

# chown user1 f1                  (f1 now belongs to user1)
# chown -R user1 filegroup1       (the directory filegroup1 and its contents now belong to user1)

chgrp
Function: change the group a file or directory belongs to (the owner may only move it into a group they are a member of; root may use any group)
Format: chgrp [options] groupname filename
Common options: -R recursively change the group of a directory and everything below it
Example:

# chgrp users /abc/f2

umask
Function: view or modify the file creation mask
The default permission for a new file is 0666 and for a new directory 0777. The permissions you actually see on the files and directories you create are usually lower than that, because creation is also subject to the umask: calling the default value mask, the permissions of the created file or directory are mask & ~umask, i.e. the bits set in the umask are removed from the default. The default umask for root is 0022 and for ordinary users 0002, so root's new files come out as 0644 and new directories as 0755.

# umask             (view the current mask)
# umask 044         (set the mask; new files would then get 622)
# umask 755         (an unusual mask, as in the original post: new files would get 022)
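As an added example (not code from the original post), the following POSIX shell script implements the octal arithmetic behind the chmod and umask sections above and checks it against real files in a scratch directory. The file names and mask values in it are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original post: work out permission
# values the way the text describes and confirm them on real files.

# sym_to_octal "rwxr-x---" -> 750
# Walks the nine permission characters and sums r=4, w=2, x=1 per triad.
# An s or t in an execute column counts as x; the setuid/setgid/sticky
# bits themselves are not part of the three-digit result.
sym_to_octal() {
    sym=$1
    result=""
    pos=1
    while [ "$pos" -le 9 ]; do
        triad=$(printf '%s' "$sym" | cut -c"$pos"-"$((pos + 2))")
        v=0
        case $triad in r??) v=$((v + 4)) ;; esac
        case $triad in ?w?) v=$((v + 2)) ;; esac
        case $triad in ??[xst]) v=$((v + 1)) ;; esac
        result="$result$v"
        pos=$((pos + 3))
    done
    printf '%s\n' "$result"
}

# mode_of PATH -> the mode the kernel recorded, read back from ls -l.
# Columns 2-10 are the rwx triads; the "." or "+" that SELinux or ACLs
# append after column 10 is deliberately ignored.
mode_of() {
    sym_to_octal "$(ls -ld "$1" | cut -c2-10)"
}

# effective_mode DEFAULT UMASK -> DEFAULT & ~UMASK, all in octal.
# DEFAULT is 666 for a new file and 777 for a new directory.
effective_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# chmod_umask_demo -> six observed modes, one per step below, so the
# reader can compare each with the arithmetic: 644 755 600 664 660 740
chmod_umask_demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        umask 022                  # root's default mask from the text
        : > f1                     # new file:      666 & ~022 = 644
        mkdir d1                   # new directory: 777 & ~022 = 755
        umask 077                  # stricter mask: owner only
        : > f2                     # new file:      666 & ~077 = 600
        m1=$(mode_of f1); m2=$(mode_of d1); m3=$(mode_of f2)
        chmod 664 f1               # octal form
        m4=$(mode_of f1)
        chmod o-r f1               # symbolic: take read away from others
        m5=$(mode_of f1)
        chmod u=rwx,g=r,o= f2      # '=' replaces each whole triad
        m6=$(mode_of f2)
        printf '%s %s %s %s %s %s\n' "$m1" "$m2" "$m3" "$m4" "$m5" "$m6"
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Run it with sh and call chmod_umask_demo; the six values it prints are the modes the kernel actually stored after each step, which should match the arithmetic in the comments. Reading the mode back through ls rather than stat keeps the script portable between GNU and BSD userlands.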

file command

Function: identify the type of a file by examining its contents, not its name or extension.
Syntax: file [options] file or directory ...
Common options:
-c Print the parsed form of the magic database; used when debugging a magic file before installing it
-z Look inside compressed files and report the type of the decompressed contents

Use sudo to assign permissions
Rights are granted by editing the /etc/sudoers file. Edit it with visudo, which locks the file and checks the syntax before saving; do not loosen its mode with chmod, because sudo expects /etc/sudoers to be owned by root with mode 0440 and refuses to run if the mode is wrong.

# visudo

Format of a rule: user host=(run-as user) command, i.e. the user who receives the right, the host the rule applies on, the user the command is run as, and the command itself.

Use sudo to call authorized commands

$ sudo -u username command

Example:

$ sudo -u root /usr/sbin/useradd u2

Directory permissions

Execute permission: without x on a directory you cannot cd into it or reach anything inside it.
Read permission: without r on a directory you cannot list its contents with ls and similar commands.
Write permission: without w on a directory you cannot create files in it or delete files from it.

So here is the problem:
as long as a user has write permission on a directory, the user can delete the files in it, whether or not the user has write permission on the file itself (the file's own bits govern its contents; the directory's bits govern its entries).

How is this solved?
To fix this unscientific situation, Linux introduced the sticky bit.

sticky bit

Example:

[root@localhost ~]# chmod +t /home/ # add the sticky bit
[root@localhost ~]# ls -ld /home/
drwxrwxrwt. 3 root root 4096 Sep 19 16:00 /home/
[root@localhost ~]# su - litao
[litao@localhost ~]$ rm /home/abc.c # litao cannot delete someone else's file
rm: remove write-protected regular empty file '/home/abc.c'? y
rm: cannot remove '/home/abc.c': Operation not permitted

When a directory has the sticky bit set (chmod +t), a file in it can be deleted (or renamed) only by

1. the super user (root)
2. the owner of the directory
3. the owner of the file

The t in the last permission column of ls -ld shows the bit; a capital T would mean the bit is set but others lack x on the directory.
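The deletion rule for sticky directories, written out as an added example (not from the original post) in POSIX shell. can_unlink encodes the rule with numeric uids supplied by the caller, so it can be exercised without creating users such as litao; the uids in the usage note are constructed. sticky_demo reproduces chmod +t on a scratch directory and reads the bit back from the last column of ls -ld.

```shell
#!/bin/sh
# Added example, not code from the original post: who may remove an entry
# from a directory. Write permission on the directory is always required;
# with the sticky bit set, the caller must additionally be root, the
# directory owner or the file owner.

# can_unlink UID DIR_OWNER DIR_WRITABLE DIR_STICKY FILE_OWNER -> yes/no
#   UID, DIR_OWNER, FILE_OWNER: numeric user ids (constructed for the demo)
#   DIR_WRITABLE: 1 if UID has write (and search) permission on the
#                 directory, else 0
#   DIR_STICKY:   1 if the directory has the sticky bit (chmod +t), else 0
can_unlink() {
    uid=$1 dir_owner=$2 dir_writable=$3 sticky=$4 file_owner=$5
    # root (strictly, CAP_FOWNER) bypasses the discretionary checks
    if [ "$uid" -eq 0 ]; then
        echo yes; return
    fi
    # the file's own w bit is irrelevant: the directory entry is what is removed
    if [ "$dir_writable" -ne 1 ]; then
        echo no; return
    fi
    # sticky directory: only the directory owner or the file owner may remove it
    if [ "$sticky" -eq 1 ] && [ "$uid" -ne "$dir_owner" ] && [ "$uid" -ne "$file_owner" ]; then
        echo no; return
    fi
    echo yes
}

# has_sticky DIR -> yes if ls shows t or T in the others-execute column
has_sticky() {
    case $(ls -ld "$1" | cut -c10) in
        [tT]) echo yes ;;
        *)    echo no ;;
    esac
}

# sticky_demo -> the flag before and after setting it on a scratch
# directory; 1777 is the usual mode of /tmp and equals chmod 777 + chmod +t
sticky_demo() {
    d=$(mktemp -d) || return 1
    before=$(has_sticky "$d")
    chmod 1777 "$d"
    after=$(has_sticky "$d")
    rmdir "$d"
    printf '%s %s\n' "$before" "$after"
}
```

With a constructed uid of 1001 for litao and /home owned by root (uid 0), can_unlink 1001 0 1 1 0 answers no, which is the transcript above; dropping the sticky bit (can_unlink 1001 0 1 0 0) turns it into yes, and litao deleting his own file in the sticky directory (can_unlink 1001 0 1 1 1001) is allowed. Note that rm's "write-protected" prompt is only rm being polite about the file's own w bit; the kernel's decision rests on the directory.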


Summary

The execute permission on a directory determines whether you can enter it and reach the entries inside it.
If a directory lacks x, you cannot cd into it or access anything below it, even if it still has r (an easy mistake is to think that read permission alone lets you enter the directory and read its files); with r but no x, ls can still show the names, but nothing inside can be opened.
If a directory has x but not r, you can cd into it and open a file inside it if you already know its exact name. What you cannot do is list it: ls fails, because
listing the directory's entries requires read permission on the directory.

Origin blog.csdn.net/mdjsmg/article/details/134096508